Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Stark CRM 跨站脚本漏洞
Vulnerability Description
Stark CRM是一套客户关系管理系统(CRM)。该系统简化了人员、客户和项目的流程管理。 Stark CRM 1.0版本中存在跨站脚本漏洞,该漏洞源于client页面没有充分过滤‘first_name’、‘last_name’或‘notes’参数,add_insurance_cat页面没有充分过滤‘insu_name’和‘price’参数,add_status页面没有充分过滤‘status[]’参数。远程攻击者可利用该漏洞注入任意Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A